The U.S. Commerce Department on Tuesday outlined how it would implement an earlier executive order on “supply chain security” proposed by U.S. President Donald Trump,media outlet CyberScoop reported. For so-called security reasons, the order would give the Commerce Department plenty of room to ban foreign parts in the U.S. IT and communications supply chains.
Commerce Secretary Wilbur Ross will determine “case by case” which parts will be banned on a case-by-case basis, according to a Commerce Department spokesman, a spokesman for the Commerce Department, in a statement.
Under the proposal, the commerce secretary would give the company the opportunity to address U.S. security concerns and avoid a ban before making a final decision to exclude foreign companies from u.S. software and hardware supply chains. The Minister of Commerce will send an unclassified ruling to the parties to explain the decision and make it public in due course.
The proposal is a key step toward implementing a stricter National Policy on U.S. supply chains. When he signed the executive order in May, Mr. Trump invoked a “national emergency” to fill security vulnerabilities in software and hardware purchased by key U.S. infrastructure companies from other countries.
The policy change comes as federal agencies continue to warn foreign spies that they have infiltrated U.S. supply chains. But the U.S. government’s concerns far outweigh any one company or government. The executive order notes that foreign adversaries are increasingly embedding and exploiting IT vulnerabilities in IT “to carry out malicious, web-based actions against Americans, including economic and industrial espionage.”
The executive order is one of a series of measures the Trump administration has taken to address supply chain security. The U.S. Department of Homeland Security has a national risk management center to address the issue, and a cross-agency Acquisitions Committee warns agencies not to buy unsafe products.
The Commerce Department will consult the public before the proposal is put forward next month, but has nothing to do with what constitutes a “foreign adversary.” The Commerce Department says it’s up to Ross.
U.S. prosecutors last month announced charges against a New York company alleging that it sold Chinese-made devices with known cyber security vulnerabilities and falsely claimed that the technology was made in the United States.